No worries, I installed it for you.

Google protecting Google from FOSS.

They’re right too, after using Immich I don’t want to go back.

Have you tried our lord and savior NixOS?

You can customize any package down to source patches but everything you leave at default just gets downloaded. I even had custom kernel patches that worked across kernel updates without modification and all it costs is:

• 1 human soul
• 90 Years of linux experience
• Learning Nix

Me myself and I.

Also a third party for some family connections.

I run wireguard and Android with chrome cause firefox doesn’t support pwa. Did you add it to your home screen?

https://silverbullet.md/PWA

Edit: Also I run release V2

It just works™?

Silverbullet supports working offline as a pwa, just click install on the website and you get a shortcut to the web app that you can use online and offline, open it when your online again to sync your changes to the other devices.

Can recommend, works offline and online with PWA support and stores everything in Markdown files for easy migration if you want to change your frontend.

Did you follow the guide?

https://docs.searxng.org/admin/installation-docker.html#installation-container

It is expected, the users inside the container are “real” users. They just get offset inside the container and some mapping is applied:

Root inside the container is mapped outside to the user running the container, everything that has the owner “root” inside the container can be read from outside the container as your user.

Everything that is saved as non-root inside the container gets mapped to the first subuid in /etc/subuids for your user + the uid inside the container.

You can change this mapping such that, for example, user 1000 inside the container gets mapped to your user outside the container.

An example:

You have a postgres database inside a container with a volume for the database files. The postgres process inside the container doesn’t run as root but instead runs as uid 100 as such it also saves its files with that user.
If you look at the volume outside the container you will get a permission denied error because it is owned by user 100100 (subuids starts at 100000 and usid inside container is 100).

To fix: Either run your inner processes as root, this can often be done using environment variables and has almost no security impact or add --userns keep-id:uid=100,gid=100 to the cmdline to make uid 100 inside the container map to your user instead of root (this creates a new image automatically and takes a while on the first run)

I though that was the point of surveys?

Maybe

I don’t like Source-available software, especially when they’ve changed from a more open license to this.

To add to this, “Open WebUI” needs to be included, as is and without modifications in all derivations. The term is also trade marked and as such, cannot be distributed without the trade mark owners approval…

https://trademarks.ipo.gov.uk/ipo-tmcase/page/Results/2/WO0000001844530

There are multiple reasons but the most important one is: You didn’t enable it.

Caddy fully supports https to the reverse proxy targets, though you’d have to get those targets trusted certificates otherwise caddy wouldn’t connect.

The default protocol for backends is http, most of the time this isn’t a problem because:

• The web server runs on the local machine
• The web server runs in containers/vms on the local machine
  • or is running in a VM and has a direct virtual connection with the caddy vm
• The connection to the Backend is encrypted with a VPN
• Caddy and the web server are directly connected or connected through an otherwise isolated network

Because https requires certificates that are somewhat difficult to set up for internal servers (and were even harder to get before) the default mostly is just to encrypt on another layer of the stack. Afaik at least.

Just use archive.pdf

Something like yggdrasil would work or a daemon that publishes mdns and connects to known peers.

I’ve searched dor something like this in the past and didn’t find anything.
I’ve though of hacking together a few scripts or 8n8 to interface with freshrss to do this but it’s far down my list™

Disable the firewall if you can to check if that’s the issue, then do a tcpdump using root with the port. Do tcpdump inside the container too and compare what you see to the docker environment.

Is caddy-caddy really the correct image?

Try with this command, it’s the minimal setup that works by default (on my machine): podman run -p 0.0.0.0:5050:80 docker.io/library/caddy:latest

Use ss -tlpn or podman ps to show what ports podman is listening on, my guess is it is only listening on localhost.

is kludging NAT for IPv6 not a better solution versus ULA addresses?

There are very few hosts that allow only ipv6 (though there are many who only do ipv4). Ipv6 would improve internet stability and long-term communication when you’re not using a nat but that isn’t what you’re trying to build. Seeing as you’re not getting any advantage anyway I recommend ULA because it won’t get in the way of possible future migration to GUA ipv6 (globally unicast address) and still run over the ipv6 network while also avoiding Nat.

Or is the clear answer just use IPv6 as intended and let the devices handle their privacy with IPv6 privacy extensions?

It’s my clear answer at least.

If you don’t want that you can use ULA addresses for now and later add GUA ipv6 addresses. ULAs are meant to be used when you only have a dynamic ipv6 prefix so that internal devices can have ipv6 internet (GUA) while also having a static ipv6 address(ULA).